Silence group

aka: Silence, Silence APT group, WHISPER SPIDER

Silence is a relatively new threat actor that has been operating since mid-2016. Group-IB has exposed the attacks committed by the Silence cybercriminal group. While the gang had previously targeted Russian banks, Group-IB experts have also discovered evidence of the group's activity in more than 25 countries worldwide. Group-IB has published its first detailed report on the tactics and tools employed by Silence. Group-IB security analysts' hypothesis is that at least one of the gang members appears to be a former or current employee of a cyber security company. The confirmed damage from Silence activity is estimated at 800 000 USD. Silence is a group of Russian-speaking hackers, based on the language of their commands, the location of the infrastructure they used, and the geography of their targets (Russia, Ukraine, Belarus, Azerbaijan, Poland, and Kazakhstan), although phishing emails were also sent to bank employees in Central and Western Europe, Africa, and Asia. Furthermore, Silence used Russian words typed on an English keyboard layout for the commands of the employed backdoor. The hackers also used Russian-language web hosting services.


Associated Families
win.atmosphere win.silence

References
2020-12-14 | Blueliv | Alberto Marín, Carlos Rubio, Blueliv Labs Team
@online{marn:20201214:using:e81621e, author = {Alberto Marín and Carlos Rubio and Blueliv Labs Team}, title = {{Using Qiling Framework to Unpack TA505 packed samples}}, date = {2020-12-14}, organization = {Blueliv}, url = {https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/using-qiling-framework-to-unpack-ta505-packed-samples/}, language = {English}, urldate = {2020-12-15} } Using Qiling Framework to Unpack TA505 packed samples
AndroMut Azorult Silence TinyMet
2020-06-22 | CERT-FR | CERT-FR
@techreport{certfr:20200622:volution:fba1cfa, author = {CERT-FR}, title = {{Évolution De Lactivité du Groupe Cybercriminel TA505}}, date = {2020-06-22}, institution = {CERT-FR}, url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-006.pdf}, language = {French}, urldate = {2020-06-24} } Évolution De Lactivité du Groupe Cybercriminel TA505
Amadey AndroMut Bart Clop Dridex FlawedGrace Gandcrab Get2 GlobeImposter Jaff Locky Marap Philadephia Ransom QuantLoader Scarab Ransomware SDBbot ServHelper Silence tRat TrickBot
2020-04-23 | CERT-FR | CERT-FR
@techreport{certfr:20200423:le:4dbca96, author = {CERT-FR}, title = {{LE GROUPE CYBERCRIMINEL SILENCE}}, date = {2020-04-23}, institution = {CERT-FR}, url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-004.pdf}, language = {French}, urldate = {2020-05-07} } LE GROUPE CYBERCRIMINEL SILENCE
Silence
2020-03-26 | Telekom | Thomas Barabosch
@online{barabosch:20200326:ta505s:24d9805, author = {Thomas Barabosch}, title = {{TA505's Box of Chocolate - On Hidden Gems packed with the TA505 Packer}}, date = {2020-03-26}, organization = {Telekom}, url = {https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-s-box-of-chocolate-597672}, language = {English}, urldate = {2020-03-27} } TA505's Box of Chocolate - On Hidden Gems packed with the TA505 Packer
Amadey Azorult Clop FlawedGrace Get2 SDBbot Silence TinyMet TA505
2020-01-13 | Github (Tera0017) | Tera0017
@online{tera0017:20200113:tafof:d939bc6, author = {Tera0017}, title = {{TAFOF Unpacker}}, date = {2020-01-13}, organization = {Github (Tera0017)}, url = {https://github.com/Tera0017/TAFOF-Unpacker}, language = {English}, urldate = {2020-03-30} } TAFOF Unpacker
Clop Get2 Silence
2019-08 | Group-IB | Group-IB
@online{groupib:201908:attacks:9da5611, author = {Group-IB}, title = {{Attacks by Silence}}, date = {2019-08}, organization = {Group-IB}, url = {https://www.group-ib.com/resources/threat-research/silence.html}, language = {English}, urldate = {2020-01-07} } Attacks by Silence
Silence DDoS Kikothac Silence
2019-08 | Group-IB | Group-IB
@techreport{groupib:201908:silence:1845381, author = {Group-IB}, title = {{Silence 2.0 - Going Global}}, date = {2019-08}, institution = {Group-IB}, url = {https://www.group-ib.com/resources/threat-research/silence_2.0.going_global.pdf}, language = {English}, urldate = {2019-12-17} } Silence 2.0 - Going Global
Silence
2019-02-11 | One Night in Norfolk | Kevin Perlow
@online{perlow:20190211:how:05b5d9a, author = {Kevin Perlow}, title = {{How the Silence Downloader Has Evolved Over Time}}, date = {2019-02-11}, organization = {One Night in Norfolk}, url = {https://norfolkinfosec.com/how-the-silence-downloader-has-evolved-over-time/}, language = {English}, urldate = {2020-05-19} } How the Silence Downloader Has Evolved Over Time
Silence
2019-02-06 | One Night in Norfolk | Kevin Perlow
@online{perlow:20190206:some:8835f31, author = {Kevin Perlow}, title = {{Some Notes on the Silence Proxy}}, date = {2019-02-06}, organization = {One Night in Norfolk}, url = {https://norfolkinfosec.com/some-notes-on-the-silence-proxy/}, language = {English}, urldate = {2020-05-19} } Some Notes on the Silence Proxy
Silence
2019-01-24 | Reaqta | Reaqta
@online{reaqta:20190124:silence:08baddd, author = {Reaqta}, title = {{Silence group targeting Russian Banks via Malicious CHM}}, date = {2019-01-24}, organization = {Reaqta}, url = {https://reaqta.com/2019/01/silence-group-targeting-russian-banks/}, language = {English}, urldate = {2019-11-28} } Silence group targeting Russian Banks via Malicious CHM
Silence Silence group
2018-09-05 | ZDNet | Catalin Cimpanu
@online{cimpanu:20180905:new:c1c9e19, author = {Catalin Cimpanu}, title = {{New Silence hacking group suspected of having ties to cyber-security industry}}, date = {2018-09-05}, organization = {ZDNet}, url = {https://www.zdnet.com/article/new-silence-hacking-group-suspected-of-having-ties-to-cyber-security-industry/}, language = {English}, urldate = {2019-12-19} } New Silence hacking group suspected of having ties to cyber-security industry
Atmosphere
2018-09-05 | Group-IB | Group-IB
@online{groupib:20180905:silence:6886d17, author = {Group-IB}, title = {{Silence: Moving into the Darkside}}, date = {2018-09-05}, organization = {Group-IB}, url = {https://www.group-ib.com/blog/silence}, language = {English}, urldate = {2019-12-18} } Silence: Moving into the Darkside
Silence group
2017-11-01 | Intezer | Jay Rosenberg
@online{rosenberg:20171101:silence:087cfb3, author = {Jay Rosenberg}, title = {{Silence of the Moles}}, date = {2017-11-01}, organization = {Intezer}, url = {http://www.intezer.com/silenceofthemoles/}, language = {English}, urldate = {2019-11-27} } Silence of the Moles
Silence
2017-11-01 | Kaspersky Labs | GReAT
@online{great:20171101:silence:b22eae0, author = {GReAT}, title = {{Silence – a new Trojan attacking financial organizations}}, date = {2017-11-01}, organization = {Kaspersky Labs}, url = {https://securelist.com/the-silence/83009/}, language = {English}, urldate = {2019-12-20} } Silence – a new Trojan attacking financial organizations
Silence Silence group

Credits: MISP Project